REMARKS 

The present Amendment amends claims 8-13. Therefore, the present 
application has pending claims 8-13. 

The drawings stand objected to under 37 CFR §1.83(a) and 37 CFR
§1.84(p)(4) as allegedly failing to show various elements described in the 
specification. Filed on even date herewith are Proposed Drawing Corrections 
correcting Fig. 3 so as to identify the OS as reference numeral 150. Also, 
amendments were made to the specification particularly page 13 so as to describe 
element 43 as illustrated in Fig. 4. 

In the Office Action the Examiner objected to the drawings as not illustrating 
element 135 as described in the specification on page 29, lines 1 and 2. Element 
135 is illustrated in Fig. 18 and as such is described on page 28, lines 11-15. Thus,
element 135 is in fact illustrated in Fig. 18 and discussed in the disclosure. 

In the Office Action the Examiner objected to the drawings alleging that 
reference numerals 31 and 31' have both been used to designate the modified
apparatus. This is incorrect. As illustrated in Fig. 18 and as described on page 28, lines
5-8 of the present application, reference numeral 31' identifies an information 
security policy management and audit support apparatus 31' which is modified 
relative to the information security policy management and audit support apparatus 
31 as illustrated in Fig. 2. The information security policy management and audit 
support apparatus 31' as illustrated in Fig. 18 is modified relative to the information
security policy management and audit and support apparatus 31 illustrated in Fig. 2. 
The external storage device 13 of element 31' as illustrated in Fig. 18 includes the 
constitution device information/security status database of management and audit
135 which is not a part of the external storage device 13 of the information security 
policy management and audit support apparatus 31 as illustrated in Fig. 2. At no 
point are these reference numerals interchanged. Therefore, the specification fully 
complies with the requirements of 37 CFR §1.83(a) and 37 CFR §1.84(p)(4).
Accordingly, reconsideration and withdrawal of the objections to the drawings are
respectfully requested.

The abstract stands objected to due to informalities noted by the Examiner in 
the Office Action. Amendments were made to the Abstract to correct the 
informalities noted by the Examiner. Therefore, Applicants submit that this objection 
is overcome and should be withdrawn. 

Claims 8-12 stand objected to due to informalities noted by the Examiner in 
the Office Action. Amendments were made to the claims so as to correct any 
informalities discovered upon review. However, the Examiner recommends 
amending the claims to include certain stylistic modifications (e.g., beginning each
paragraph with a letter). Applicants submit that the stylistic modifications suggested
by the Examiner are necessary in order for the public to be fully apprised of the
metes and bounds of the features of the present invention as recited in the claims.
Accordingly, the claims were amended to improve the language therein without the 
use of the stylistic modifications suggested by the Examiner. 

Therefore, the objections to claims 8-12 are overcome and should be 
withdrawn. 

Claims 8-13 stand rejected under 35 USC §112, second paragraph as being
indefinite for failing to particularly point out and distinctly claim the subject matter
which Applicants regard as their invention. Various amendments were made
throughout claims 8-13 to bring them into conformity with the requirements of 35 
USC §112, second paragraph. Therefore, Applicants submit that this rejection is 
overcome and should be withdrawn. 

Specifically, amendments were made throughout claims 8-13 to overcome the 
objections noted by the Examiner in the Office Action. Particularly, amendments 
were made throughout the claims to correct the informalities noted by the Examiner. 

The Examiner's cooperation is respectfully requested to contact Applicants' 
Attorney by telephone should any further indefinite matter be discovered so that 
appropriate amendments may be made. 

Claims 8-11 and 13 stand rejected under 35 USC §103(a) as being
unpatentable over Wiegel (U.S. Patent No. 6,484,261) and further in view of Grimm
(U.S. Patent No. 6,317,868); and claim 12 stands rejected under 35 USC §103(a) as
being unpatentable over Wiegel, Grimm and further in view of Cert (the article entitled
"CERT'S CC Vendor-Initiated Bulletins 1994-1998"). These rejections are traversed 
for the following reasons. Applicants submit that the features of the present 
invention as now more clearly recited in claims 8-13 are not taught or suggested by 
Wiegel, Grimm or Cert whether taken individually or in combination with each other 
as suggested by the Examiner. Therefore, Applicants respectfully request the 
Examiner to reconsider and withdraw these rejections. 

Amendments were made to the claims so as to more clearly describe features
of the present invention. Particularly, amendments were made to the claims to more 
clearly recite that the present invention is directed to a security management method 
and system for supporting security management of managing systems constituting 
an information system. According to the present invention, a plurality of security 
control names and names for obtaining the status/changing configuration of the 
security control means, information security policy management and inspection 
supporting device are provided so as to aid in the simplified control and management 
of security conditions of an information system while conforming to security policy. 
According to the present invention, the security management method and system 
inspects whether the managed system is constructed and operated in conformity to 
the policy established in the design phase of such information system and is able to 
make changes in configurations of the managed systems when there is a problem by 
feeding back such information identifying such problems to the security management 
method and system. 

The above described features of the present invention now more clearly 
recited in the claims are not taught or suggested by Wiegel, Grimm or Cert whether 
taken individually or in combination with each other as suggested by the Examiner. 

Wiegel teaches a graphical network security policy management method and 
system which supports the establishment of a security policy in the form of a 
decision tree that is constructed by assembling graphical symbols representing 
policy actions and policy conditions. As taught by Wiegel, a user modifies properties 
of the graphical symbols to create a logical representation of the policy while the 
logical representation is transformed into a textual script that represents the policy
and the script is displayed as the user works with the logical representation. The 
script is then translated into machine instructions that govern the operation of a 
network gateway or firewall. However, at no point is there any teaching or 
suggestion in Wiegel of providing security control means and means for obtaining 
status of security of different managed systems and to change configuration of the 
managed systems for controlling a security both during the design phase and during 
the operation phase as in the present invention. The system taught by Wiegel could 
support the establishment of security policies. However, the system taught by 
Wiegel is not intended to inspect whether the system operates in conformity to the 
security policy established during the design as in the present invention such as, for 
example, during operation of the system as in the present invention. 

Thus, Wiegel fails to teach or suggest a security specification hatching step of 
executing an information security policy which corresponds to each managed system 
constituting an information system designated by a user from a database describing 
a correspondence between information security policies representing policies of 
security measures with at least one managed system and the managed systems, to 
hatch security specification to be applied to the information system as recited in the 
claims. 

Further, Wiegel fails to teach or suggest a security diagnosis step of executing 
a plurality of audit programs describing a processing for auditing various information 
including a type of the managed and a software version, which are stored so as to 
correspond to each set of the information security policy and the managed system
which are specified by the hatched security specifications as well as by a security
status to audit the various information including the type of the software version of 
the managed system constituting the information system designated by the user and 
diagnose a security of the information system as recited in the claims. 

Still further, Wiegel fails to teach or suggest a security handling and 
management step of executing a management program designated by the user from 
a plurality of management programs describing a process for controlling the security 
status concerning the security policy of the managed system stored so as to 
correspond to each set of the information security policy and the managed system 
which are specified by the hatched security specifications to allow the electronic 
computer to change the security status of the managed system corresponding to the 
management program so as to adjust the security status to the information security 
policy corresponding to the management program as recited in the claims. 

The above noted deficiencies of Wiegel are also evident in Grimm. Therefore, 
combining the teachings of Wiegel and Grimm in the manner suggested by the 
Examiner in the Office Action still fails to teach or suggest the features of the present 
invention as now more clearly recited in the claims. 

Grimm teaches a process for transparently enforcing protection domains and
access control as well as auditing operations and software components. Grimm
specifically teaches an introspection service for analyzing software components and
an interposition service for correcting the software components as its constituent
elements. Grimm, the same as Wiegel, fails to teach or suggest the above described
features of the present invention regarding the providing of security control means
and means for obtaining the status and changing the configuration of the security
control means in the appropriate manner relative to the security specifications. 
Thus, at no point is there any teaching or suggestion in Grimm of the above 
described features of the present invention regarding the security specification 
hatching step, the security diagnosing step and the security handling and 
management step as recited in the claims. 

Thus, as is quite clear from the above, both Wiegel and Grimm fail to teach or
suggest the features of the present invention as now more clearly recited in the 
claims. Therefore, combining the teachings of Wiegel and Grimm in the manner 
suggested by the Examiner still fails to teach or suggest the features of the present 
invention as now more clearly recited in the claims. Accordingly, reconsideration 
and withdrawal of the 35 USC §103(a) rejection of claims 8-11 and 13 as being
unpatentable over Wiegel in view of Grimm is respectfully requested. 

The above noted deficiencies of Wiegel and Grimm are also not supplied by 
Cert. Cert is merely relied upon by the Examiner for an alleged teaching of security 
information published by a security information organization including Cert. Thus, at 
no point is there any teaching or suggestion in Cert of the above described features 
of the present invention regarding the security specification hatching step, the 
security diagnosis step and the security handling and management step as recited in 
the claims. 

Thus, Cert suffers from the same deficiencies relative to the features of the 
present invention as recited in the claims as Wiegel and Grimm. Therefore, 
combining the teachings of Wiegel, Grimm and Cert in the manner suggested by the
Examiner in the Office Action still fails to teach or suggest the features of the present
invention as now more clearly recited in the claims. Accordingly, reconsideration 
and withdrawal of the 35 USC §103(a) rejection of claim 12 as being unpatentable
over Wiegel, Grimm and Cert is respectfully requested. 

The remaining references of record have been studied. Applicants submit 
that they do not supply any of the deficiencies noted above with respect to the 
references utilized in the rejection of claims 8-13. 

In view of the foregoing amendments and remarks, applicants submit that 
claims 8-13 are in condition for allowance. Accordingly, early allowance of claims
8-13 is respectfully requested.

To the extent necessary, the applicants petition for an extension of time under 
37 CFR 1.136. Please charge any shortage in fees due in connection with the filing 
of this paper, including extension of time fees, or credit any overpayment of fees, to 
the deposit account of MATTINGLY, STANGER, MALUR & BRUNDIDGE, P.C., 
Deposit Account No. 50-1417 (566.39530VX1). 



Respectfully submitted, 



MATTINGLY, STANGER, MALUR & BRUNDIDGE, P.C. 




Carl I. Brundidge 
Registration No. 29,621 